samplecode/remoteattestation/Application/enclave/src/lib.rs - incubator-teaclave-sgx-sdk - Git at Google

 // Licensed to the Apache Software Foundation (ASF) under one
 // or more contributor license agreements.  See the NOTICE file
 // distributed with this work for additional information
 // regarding copyright ownership.  The ASF licenses this file
 // to you under the Apache License, Version 2.0 (the
 // "License"); you may not use this file except in compliance
 // with the License.  You may obtain a copy of the License at
 //
 //   http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing,
 // software distributed under the License is distributed on an
 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License..

 #![crate_name = "raenclave"]
 #![crate_type = "staticlib"]

 #![cfg_attr(not(target_env = "sgx"), no_std)]
 #![cfg_attr(target_env = "sgx", feature(rustc_private))]

 #![allow(unused_variables)]

 extern crate sgx_types;
 extern crate sgx_trts;
 #[cfg(not(target_env = "sgx"))]
 #[macro_use]
 extern crate sgx_tstd as std;
 extern crate sgx_tdh;
 extern crate sgx_tcrypto;
 extern crate sgx_tkey_exchange;

 use sgx_types::*;
 use sgx_trts::memeq::ConsttimeMemEq;
 use sgx_tcrypto::*;
 use sgx_tkey_exchange::*;
 use std::slice;
 use std::vec::Vec;

 const G_SP_PUB_KEY : sgx_ec256_public_t = sgx_ec256_public_t {
     gx : [0x72, 0x12, 0x8a, 0x7a, 0x17, 0x52, 0x6e, 0xbf,
           0x85, 0xd0, 0x3a, 0x62, 0x37, 0x30, 0xae, 0xad,
           0x3e, 0x3d, 0xaa, 0xee, 0x9c, 0x60, 0x73, 0x1d,
           0xb0, 0x5b, 0xe8, 0x62, 0x1c, 0x4b, 0xeb, 0x38],
     gy : [0xd4, 0x81, 0x40, 0xd9, 0x50, 0xe2, 0x57, 0x7b,
           0x26, 0xee, 0xb7, 0x41, 0xe7, 0xc6, 0x14, 0xe2,
           0x24, 0xb7, 0xbd, 0xc9, 0x03, 0xf2, 0x9a, 0x28,
           0xa8, 0x3c, 0xc8, 0x10, 0x11, 0x14, 0x5e, 0x06]
 };

 #[no_mangle]
 pub extern "C"
 fn enclave_init_ra(b_pse: i32, p_context: &mut sgx_ra_context_t) -> sgx_status_t {
     let mut ret: sgx_status_t = sgx_status_t::SGX_SUCCESS;
     match rsgx_ra_init(&G_SP_PUB_KEY, b_pse) {
         Ok(p) => {
             *p_context = p;
             ret = sgx_status_t::SGX_SUCCESS;
         },
         Err(x) => {
             ret = x;
             return ret;
         }
     }
     ret
 }

 #[no_mangle]
 pub extern "C"
 fn enclave_ra_close(context: sgx_ra_context_t) -> sgx_status_t {
     match rsgx_ra_close(context) {
         Ok(()) => sgx_status_t::SGX_SUCCESS,
         Err(x) => x
     }
 }

 #[no_mangle]
 pub extern "C"
 fn verify_att_result_mac(context : sgx_ra_context_t,
                          message : * const u8,
                          msg_size: size_t,
                          mac     : * const u8,
                          mac_size: size_t) -> sgx_status_t {

     let ret:sgx_status_t;
     let mk_key:sgx_ec_key_128bit_t;
     let mac_slice;
     let message_slice;
     let mac_result:sgx_cmac_128bit_tag_t;

     if mac_size != SGX_MAC_SIZE || msg_size > u32::max_value as usize {
         ret = sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
         return ret;
     }

     unsafe {
         mac_slice = slice::from_raw_parts(mac, mac_size as usize);
         message_slice = slice::from_raw_parts(message, msg_size as usize);
     }

     if mac_slice.len() != SGX_MAC_SIZE as usize  ||
        message_slice.len() != msg_size as usize {
         ret = sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
         return ret;
     }

     match rsgx_ra_get_keys(context, sgx_ra_key_type_t::SGX_RA_KEY_MK) {
         Ok(k) => mk_key = k,
         Err(x) => return x
     }

     match rsgx_rijndael128_cmac_slice(&mk_key, message_slice) {
         Ok(tag) => mac_result = tag,
         Err(x) => return x
     }

     if mac_slice.consttime_memeq(&mac_result) == false {
         return sgx_status_t::SGX_ERROR_MAC_MISMATCH;
     }

     sgx_status_t::SGX_SUCCESS
 }

 #[no_mangle]
 pub extern "C"
 fn verify_secret_data(context : sgx_ra_context_t,
                       p_secret: * const u8,
                       sec_size: u32,
                       gcm_mac : &[u8;16],
                       max_vlen: u32,
                       p_ret   : & mut [u8;16]) -> sgx_status_t {

     let ret:sgx_status_t;
     let sk_key:sgx_ec_key_128bit_t;

     match rsgx_ra_get_keys(context, sgx_ra_key_type_t::SGX_RA_KEY_SK) {
         Ok(key) => sk_key = key,
         Err(x) => return x
     }

     let secret_slice = unsafe {
         slice::from_raw_parts(p_secret, sec_size as usize)
     };

     if secret_slice.len() != sec_size as usize {
         ret = sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
         return ret;
     }

     let mut decrypted_vec: Vec<u8> = vec![0; sec_size as usize];
     let decrypted_slice = &mut decrypted_vec[..];
     let iv = [0;12];
     let aad:[u8;0] = [0;0];

     let ret = rsgx_rijndael128GCM_decrypt(&sk_key,
                                           &secret_slice,
                                           &iv,
                                           &aad,
                                           gcm_mac,
                                           decrypted_slice);

     match ret {
         Ok(()) => {
             if decrypted_slice[0] == 0 && decrypted_slice[1] != 1 {
                 return sgx_status_t::SGX_ERROR_INVALID_SIGNATURE;
             }
             else {
                 return sgx_status_t::SGX_SUCCESS;
             }
         },
         Err(_) => {
             return sgx_status_t::SGX_ERROR_UNEXPECTED;
         }
     }
 }
	// Licensed to the Apache Software Foundation (ASF) under one
	// or more contributor license agreements. See the NOTICE file
	// distributed with this work for additional information
	// regarding copyright ownership. The ASF licenses this file
	// to you under the Apache License, Version 2.0 (the
	// "License"); you may not use this file except in compliance
	// with the License. You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing,
	// software distributed under the License is distributed on an
	// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	// KIND, either express or implied. See the License for the
	// specific language governing permissions and limitations
	// under the License..

	#![crate_name = "raenclave"]
	#![crate_type = "staticlib"]

	#![cfg_attr(not(target_env = "sgx"), no_std)]
	#![cfg_attr(target_env = "sgx", feature(rustc_private))]

	#![allow(unused_variables)]

	extern crate sgx_types;
	extern crate sgx_trts;
	#[cfg(not(target_env = "sgx"))]
	#[macro_use]
	extern crate sgx_tstd as std;
	extern crate sgx_tdh;
	extern crate sgx_tcrypto;
	extern crate sgx_tkey_exchange;

	use sgx_types::*;
	use sgx_trts::memeq::ConsttimeMemEq;
	use sgx_tcrypto::*;
	use sgx_tkey_exchange::*;
	use std::slice;
	use std::vec::Vec;

	const G_SP_PUB_KEY : sgx_ec256_public_t = sgx_ec256_public_t {
	gx : [0x72, 0x12, 0x8a, 0x7a, 0x17, 0x52, 0x6e, 0xbf,
	0x85, 0xd0, 0x3a, 0x62, 0x37, 0x30, 0xae, 0xad,
	0x3e, 0x3d, 0xaa, 0xee, 0x9c, 0x60, 0x73, 0x1d,
	0xb0, 0x5b, 0xe8, 0x62, 0x1c, 0x4b, 0xeb, 0x38],
	gy : [0xd4, 0x81, 0x40, 0xd9, 0x50, 0xe2, 0x57, 0x7b,
	0x26, 0xee, 0xb7, 0x41, 0xe7, 0xc6, 0x14, 0xe2,
	0x24, 0xb7, 0xbd, 0xc9, 0x03, 0xf2, 0x9a, 0x28,
	0xa8, 0x3c, 0xc8, 0x10, 0x11, 0x14, 0x5e, 0x06]
	};

	#[no_mangle]
	pub extern "C"
	fn enclave_init_ra(b_pse: i32, p_context: &mut sgx_ra_context_t) -> sgx_status_t {
	let mut ret: sgx_status_t = sgx_status_t::SGX_SUCCESS;
	match rsgx_ra_init(&G_SP_PUB_KEY, b_pse) {
	Ok(p) => {
	*p_context = p;
	ret = sgx_status_t::SGX_SUCCESS;
	},
	Err(x) => {
	ret = x;
	return ret;
	}
	}
	ret
	}

	#[no_mangle]
	pub extern "C"
	fn enclave_ra_close(context: sgx_ra_context_t) -> sgx_status_t {
	match rsgx_ra_close(context) {
	Ok(()) => sgx_status_t::SGX_SUCCESS,
	Err(x) => x
	}
	}

	#[no_mangle]
	pub extern "C"
	fn verify_att_result_mac(context : sgx_ra_context_t,
	message : * const u8,
	msg_size: size_t,
	mac : * const u8,
	mac_size: size_t) -> sgx_status_t {

	let ret:sgx_status_t;
	let mk_key:sgx_ec_key_128bit_t;
	let mac_slice;
	let message_slice;
	let mac_result:sgx_cmac_128bit_tag_t;

	if mac_size != SGX_MAC_SIZE \|\| msg_size > u32::max_value as usize {
	ret = sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
	return ret;
	}

	unsafe {
	mac_slice = slice::from_raw_parts(mac, mac_size as usize);
	message_slice = slice::from_raw_parts(message, msg_size as usize);
	}

	if mac_slice.len() != SGX_MAC_SIZE as usize \|\|
	message_slice.len() != msg_size as usize {
	ret = sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
	return ret;
	}

	match rsgx_ra_get_keys(context, sgx_ra_key_type_t::SGX_RA_KEY_MK) {
	Ok(k) => mk_key = k,
	Err(x) => return x
	}

	match rsgx_rijndael128_cmac_slice(&mk_key, message_slice) {
	Ok(tag) => mac_result = tag,
	Err(x) => return x
	}

	if mac_slice.consttime_memeq(&mac_result) == false {
	return sgx_status_t::SGX_ERROR_MAC_MISMATCH;
	}

	sgx_status_t::SGX_SUCCESS
	}

	#[no_mangle]
	pub extern "C"
	fn verify_secret_data(context : sgx_ra_context_t,
	p_secret: * const u8,
	sec_size: u32,
	gcm_mac : &[u8;16],
	max_vlen: u32,
	p_ret : & mut [u8;16]) -> sgx_status_t {

	let ret:sgx_status_t;
	let sk_key:sgx_ec_key_128bit_t;

	match rsgx_ra_get_keys(context, sgx_ra_key_type_t::SGX_RA_KEY_SK) {
	Ok(key) => sk_key = key,
	Err(x) => return x
	}

	let secret_slice = unsafe {
	slice::from_raw_parts(p_secret, sec_size as usize)
	};

	if secret_slice.len() != sec_size as usize {
	ret = sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
	return ret;
	}

	let mut decrypted_vec: Vec<u8> = vec![0; sec_size as usize];
	let decrypted_slice = &mut decrypted_vec[..];
	let iv = [0;12];
	let aad:[u8;0] = [0;0];

	let ret = rsgx_rijndael128GCM_decrypt(&sk_key,
	&secret_slice,
	&iv,
	&aad,
	gcm_mac,
	decrypted_slice);

	match ret {
	Ok(()) => {
	if decrypted_slice[0] == 0 && decrypted_slice[1] != 1 {
	return sgx_status_t::SGX_ERROR_INVALID_SIGNATURE;
	}
	else {
	return sgx_status_t::SGX_SUCCESS;
	}
	},
	Err(_) => {
	return sgx_status_t::SGX_ERROR_UNEXPECTED;
	}
	}
	}